The fourth iteration of Cryptowall, the world's worst ransomware, has surfaced with gnarlier encryption tactics and better evasion tricks that have fooled current antivirus platforms.

Ransomware has ripped through scores of businesses and end-user machines in sporadic and targeted attacks that have cost victims millions of dollars in ransom payments made to criminals who have illegally encrypted valuable files.

The worst offenders remain at large, including a single group that may be behind Cryptowall 3.0 and has made some US$325 million this year according to the Cyber Threat Alliance, dwarfing FBI figures from June which put Cryptowall's take from US victims alone at some US$18 million in about a year.

Andra Zaharia of Denmark-based Heimdal Security says Cryptowall 4.0 employs "vastly improved" communications and better code, so it can exploit more vulnerabilities.

"Cryptowall 4.0 still includes advanced malware dropper mechanisms to avoid antivirus detection, but this new version possesses vastly improved communication capabilities," Zaharia says.

"It includes a modified protocol that enables it to avoid being detected, even by second generation enterprise firewall solutions."

For example, the nasty-ware now alters filenames as well as file contents, so it's harder for victims to work out what's been encrypted.

Ransom payments in the latest version are badged as a price tag for security software.

Net scum are still communicating with Cryptowall 4.0 over Tor and using hacked web pages to deliver payloads that include botnet componentry to assist further malware delivery.

Actors have tried various tactics to get ransomware onto machines and to thwart backup efforts.

One of the most unusual was a variant that silently encrypted database content as it was written and transparently decrypted it as it was read, so the application kept working and nothing looked wrong. That meant months of backups taken during that window contained only encrypted data, which could not be recovered unless a ransom was paid for the corresponding key.
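Two of the tricks above (Cryptowall 4.0 renaming files as well as encrypting their contents, and the sleeper variant that leaves ciphertext in months of backups) defeat triage that relies on file names alone. The following is an added example, not code from the article or from any vendor it quotes, of a file-level check a responder can run over a suspect share or a restored backup: it computes the Shannon entropy of each file and compares the leading bytes against what the extension promises, so a document whose body has become ciphertext, or a high-entropy file with an unknown extension, is flagged while a legitimate archive is not. The magic-byte table, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for the example.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes ("magic") expected for a few common formats. This table is an
# illustrative assumption for the example, not an exhaustive signature set.
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
    ".png": b"\x89PNG\r\n\x1a\n",
}

# Shannon entropy in bits per byte: plain text sits around 4-5, compressed or
# encrypted data approaches 8. The cut-off is an assumed triage threshold.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: Path, sample_bytes: int = 65536) -> dict:
    """Flag a file when its content looks like ciphertext and its header does
    not match what the extension promises (or the extension is unknown,
    e.g. the file has been renamed)."""
    with open(path, "rb") as fh:
        sample = fh.read(sample_bytes)
    expected = MAGIC.get(path.suffix.lower())
    header_ok = None if expected is None else sample.startswith(expected)
    entropy = shannon_entropy(sample)
    # A legitimate archive is high-entropy too, but its header matches, so
    # only high entropy *without* a matching header counts as a hit.
    suspicious = entropy >= ENTROPY_THRESHOLD and header_ok is not True
    return {"path": path, "entropy": round(entropy, 2),
            "header_ok": header_ok, "suspicious": suspicious}


def scan_tree(root: Path) -> list[dict]:
    """Classify every regular file under `root`."""
    return [classify_file(p) for p in sorted(root.rglob("*")) if p.is_file()]


def build_sample_tree(root: Path) -> None:
    """Write constructed sample files: a text note, a healthy PDF, a healthy
    archive, a document encrypted in place, and a file encrypted and renamed."""
    rng = random.Random(1234)  # deterministic stand-in for ciphertext
    noise = bytes(rng.getrandbits(8) for _ in range(8192))
    text = b"Quarterly figures, meeting notes and action items. " * 80
    (root / "notes.txt").write_bytes(text)
    (root / "report.pdf").write_bytes(b"%PDF-1.4\n" + text)
    (root / "archive.zip").write_bytes(b"PK\x03\x04" + noise)
    (root / "invoice.docx").write_bytes(noise)   # contents overwritten
    (root / "7f3a9c2e.k9x").write_bytes(noise)   # contents and name replaced


def demo() -> list[str]:
    """Build the sample tree in a temp dir and return the flagged file names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return sorted(r["path"].name for r in scan_tree(root) if r["suspicious"])


if __name__ == "__main__":
    for name in demo():
        print("suspicious:", name)
```

Run the same scan over a restored copy of each backup generation, not just the live share: if the oldest generation that still passes is months back, the sleeper variant described above is the likely explanation, and that generation is the one to restore from. The heuristic is deliberately conservative; a strain that preserves a file's header or encrypts only part of its body would not trip the header check, so treat a clean result as one signal, not proof.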

Another, revealed last week, threatened to publish user data online if the ransom was not paid, although analysis found no indication that the Chimera ransomware actually had that capability.

It follows the demise of the Coinvault and Bitcryptor ransomware, which Kaspersky confirmed after the arrest of the alleged authors and the release of all 14,000 decryption keys.

It is clear that a ransomware crime wave will surge across America and Canada. Here is what we expect will happen in 2016 and what you need to look out for:

Ransomware attacks doubled in 2015 and will double again in 2016. The U.K. is to some extent a bellwether for the U.S., as it functions as a beta test site for Eastern European cyber mafias who can test malicious code in their own time zone. Well over half (54%) of all malware targeting UK users in 2015 contained some form of ransomware. Buckle up.

The use of Cryptowall 4.0 will explode, and Cryptowall V5.0 will add an actual working "feature" that the Chimera strain only threatened with: extortion by potentially publishing private personal or sensitive business files on the Internet.

Cryptowall will be the first strain of ransomware to hit a billion dollars in total damages.

Ransomware is the new APT: "Annoying Persistent Threat", as it will be increasingly used in double-payload attacks combined with other scams.

Ransomware-as-a-service hosted on the Tor network and using Bitcoin for ransom payment enables a new generation of cybercrime newbies to make their mark.

Cyber mafias will focus on professional services firms and local government using Cryptowall as their tool and extort tens of thousands of dollars from organizations that don't want their business disrupted or their intellectual property compromised.

A new sleeper ransomware variant will stealthily encrypt data, pull your critical files onto a C&C server, and wait until a backup has been made. At that point the attackers will pull the encryption key from the machine and demand a much larger ransom than the current 500 bucks.

Bonus Wild-Ass Guess: Ransomware gets bundled with worm-like malware to "brick" all the Windows endpoints and servers of a targeted organization. Cybercriminals will use this technique on a large scale, demanding millions in Bitcoins from their victims and may even offer "innovative" payment plans with protection terms.

Messages telling you to install and update security software for your computer seem to be everywhere. So you might be tempted by an offer of a “free security scan,” especially when faced with a pop-up, an email, or an ad that claims “malicious software” has already been found on your machine. Unfortunately, it’s likely that the scary message is a come-on for a rip-off.

The free scan claims to find a host of problems, and within seconds, you’re getting urgent pop-ups to buy security software. After you agree to spend $40 or more on the software, the program tells you that your problems are fixed. The reality: there was nothing to fix. And what’s worse, the program now installed on your computer could be harmful.

Scammers have found ways to create realistic but phony “security alerts.” Though the “alerts” look like they’re being generated by your computer, they actually are created by a con artist and sent through your Internet browser.

These programs are called “scareware” because they exploit a person’s fear of online viruses and security threats. The scam has many variations, but there are some telltale signs. For example:

you may get ads that promise to “delete viruses or spyware,” “protect privacy,” “improve computer function,” “remove harmful files,” or “clean your registry;”
you may get “alerts” about “malicious software” or “illegal pornography on your computer;”
you may be invited to download free software for a security scan or to improve your system;
you could get pop-ups that claim your security software is out-of-date and your computer is in immediate danger;
you may suddenly encounter an unfamiliar website that claims to have performed a security scan and prompts you to download new software.

Scareware purveyors also go to great lengths to make their product and service look legitimate. For example, if you buy the software, you may get an email receipt with a customer service phone number. If you call, you’re likely to be connected to someone, but that alone does not mean the company is legitimate. Regardless, remember that these are well-organized and profitable schemes designed to rip people off.

How Do the Scammers Do It?
Scareware schemes can be quite sophisticated. The scam artists buy ad space on trusted, popular websites. Even though the ads look legitimate and harmless to the website’s operator, they actually redirect unsuspecting visitors to a fraudulent website that performs a bogus security scan. The site then causes a barrage of urgent pop-up messages that pressure users into downloading worthless software.

What to Do
If you’re faced with any of the warning signs of a scareware scam or suspect a problem, shut down your browser. Don’t click “No” or “Cancel,” or even the “x” at the top right corner of the screen. Some scareware is designed so that any of those buttons can activate the program. If you use Windows, press Ctrl + Alt + Delete (or Ctrl + Shift + Esc) to open Task Manager, select the browser and click “End Task.” If you use a Mac, press Command + Option + Esc to open the “Force Quit” dialog and quit the browser from there.

If you get an offer, check out the program by entering the name in a search engine. The results can help you determine if the program is on the up-and-up.

Good Security Practices
Check that your security software is active and current: at a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. You can buy stand-alone programs for each element — or a security suite that includes these programs — from a variety of sources, including commercial vendors and your Internet Service Provider. The security software that was installed on your computer when you bought it generally works for just a short time — unless you pay a subscription fee to keep it in effect. Visit http://security.getnetwise.org/tools/search for a list of security tools from legitimate security vendors selected by GetNetWise, a project of the Internet Education Foundation.

Make it a practice not to click on any links within pop-ups.

Report possible fraud online at ftc.gov/complaint or by phone at 1-877-FTC-HELP. Details about the purchase — including what website you were visiting when you were redirected — are helpful to investigators.

Visit www.OnGuardOnline.gov to learn more about protecting your computer from bugs, viruses and scammers.

This article was previously available as "Free Security Scan" Could Cost Time and Money.

Report Scams
If you believe you’ve responded to a scam, file a complaint with: